Threat researchers at Positive Technologies have discovered four security vulnerabilities affecting Fortinet's FortiWeb web application firewalls and are advising customers to update their deployments as soon as possible.
The first of these vulnerabilities (CVE-2020-29015) received a severity score of 6.4 and allowed an unauthorized user to carry out a blind SQL injection attack through the FortiWeb interface: the attacker sends requests whose authorization header contains malicious SQL commands, Positive Technologies wrote in a blog post last week.
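To show the root cause behind an authorization-header SQL injection of this kind, here is an added example (not code from Positive Technologies or Fortinet, and not FortiWeb's actual schema or query): a constructed in-memory SQLite table with one admin row and a placeholder hash, a parser for a `Basic` authorization header, and two lookups that differ only in whether the header-supplied user name is spliced into the SQL text or passed as a bound parameter. The flaw reported on FortiWeb was blind; this simplified version returns the row directly so the difference between the two lookups is visible.

```python
import base64
import sqlite3

# Constructed demo table; "PLACEHOLDER_HASH" is a stand-in, not a real credential.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'PLACEHOLDER_HASH')")
    conn.commit()
    return conn

def parse_basic_auth(header):
    """Return (user, password) from a 'Basic <base64>' header, or None if malformed."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    if not sep:
        return None
    return user, password

def lookup_vulnerable(conn, header):
    """Vulnerable: the attacker-controlled user name becomes part of the SQL text,
    so quote characters in the header change the query's structure."""
    creds = parse_basic_auth(header)
    if creds is None:
        return None
    user, _ = creds
    sql = "SELECT pw_hash FROM users WHERE name = '%s'" % user
    row = conn.execute(sql).fetchone()
    return row[0] if row else None

def lookup_hardened(conn, header):
    """Hardened: same query, but the user name travels as a bound parameter and is
    compared as a literal string, whatever characters it contains."""
    creds = parse_basic_auth(header)
    if creds is None:
        return None
    user, _ = creds
    row = conn.execute("SELECT pw_hash FROM users WHERE name = ?", (user,)).fetchone()
    return row[0] if row else None

def basic_header(user, password):
    """Build a 'Basic' authorization header value (helper for the demo)."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

if __name__ == "__main__":
    conn = build_db()
    # A header whose user name is not a plain name but contains SQL syntax.
    crafted = basic_header("x' OR name='admin' --", "anything")
    print("vulnerable lookup:", lookup_vulnerable(conn, crafted))  # row leaks
    print("hardened lookup:  ", lookup_hardened(conn, crafted))    # no row matches
```

The hardened lookup also shows the second half of the mitigation Medov's comment points at: even with parameters bound, the database account the application uses should be able to read only what that endpoint needs, so a query that does go wrong cannot reach the administrator's hash.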
The second (CVE-2020-29016) and third (CVE-2020-29019) vulnerabilities also received severity scores of 6.4; both are stack buffer overflows in the FortiWeb service that allowed researchers to run unauthorized code and to cause a denial of service against the application's httpd daemon.
The final vulnerability (CVE-2020-29018) received a slightly lower severity score of 5.3 and allowed a format-string exploit. According to the researchers, an attacker exploiting it through the "redir" parameter would be able to read the contents of system memory, obtain sensitive data, and execute unauthorized code.
According to Andrey Medov, a threat researcher at Positive Technologies, the first two vulnerabilities are particularly potent as they don’t require authorization to exploit.
“The first allows you to obtain the hash of the system administrator account due to excessive [database management system] user privileges, which gives you access to the API without decrypting the hash value,” he wrote. “The second one allows arbitrary code execution.”
Medov added that while the fourth vulnerability also allowed for unauthorized code to be run, it was less severe as the exploit required authentication.
Fortinet was made aware of these vulnerabilities in early January, and the company has since patched them. Fortinet is encouraging customers to apply the patches by updating FortiWeb 6.2 to 6.2.4 and FortiWeb 6.3 to 6.3.8.